On Android, installing an application implies accepting the permissions it requests, and these permissions are then enforced at runtime. In this work, we focus on the privacy implications of the ACCESS_WIFI_STATE permission. For this purpose, we analyzed permissions of the 2700 most popular applications on Google Play and found that the ACCESS_WIFI_STATE permission is used by 41% of them. We then performed a static analysis of 998 applications requesting this permission and based on the results, chose 88 applications for dynamic analysis. Our analyses reveal that this permission is already used by some companies to collect user Personally Identifiable Information (PII). We also conducted an online survey to study users' perception of the privacy risks associated with this permission. This survey shows that users largely underestimate the privacy implications of this permission. As this permission is very common, most users are therefore potentially at risk.
Short Paper: WifiLeaks: Underestimated Privacy Implications of the Access_Wifi_State Android Permission
WISEC 2014, 7th ACM Conference on Security and Privacy in Wireless and Mobile Networks, 23-25 July 2014, Oxford, United Kingdom
Type:
Conference
City:
Oxford
Date:
2014-07-23
Department:
Digital Security
Eurecom Ref:
4305
Copyright:
© ACM, 2014. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in WISEC 2014, 7th ACM Conference on Security and Privacy in Wireless and Mobile Networks, 23-25 July 2014, Oxford, United Kingdom http://dx.doi.org/10.1145/2627393.2627399
See also:
PERMALINK : https://www.eurecom.fr/publication/4305
